/**
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* https://opensso.dev.java.net/public/CDDLv1.0.html or
* opensso/legal/CDDLv1.0.txt
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: JKSKeyProvider.java,v 1.4 2008/06/25 05:47:38 qcheng Exp $
*
*/
/*
* Portions Copyrighted 2013-2016 ForgeRock AS.
*/
package com.sun.identity.saml.xmlsig;
import com.sun.identity.saml.common.SAMLException;
import com.sun.identity.saml.common.SAMLUtilsCommon;
import org.forgerock.openam.utils.AMKeyProvider;
import javax.crypto.SecretKey;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
/**
* The class JKSKeyProvider
is a class
* that is implemented to retrieve X509Certificates and Private Keys from
* user data store.
*
*/ public class JKSKeyProvider implements KeyProvider { private final AMKeyProvider keyProvider; /** * Constructor */ public JKSKeyProvider() { keyProvider = new AMKeyProvider(); keyProvider.setLogger(SAMLUtilsCommon.debug); } /** * Constructor */ public JKSKeyProvider(String keyStoreFilePropName,String keyStorePassFilePropName, String keyStoreTypePropName, String privateKeyPassFilePropName) { keyProvider = new AMKeyProvider(keyStoreFilePropName, keyStorePassFilePropName, keyStoreTypePropName, privateKeyPassFilePropName); keyProvider.setLogger(SAMLUtilsCommon.debug); } /** * Set the key to access key store database. This method will only need to * be calles once if the key could not be obtained by other means. * @param storepass password for the key store * @param keypass password for the certificate */ public void setKey(String storepass, String keypass) { keyProvider.setKey(storepass, keypass); } /** * Return java.security.cert.X509Certificate for the specified certAlias. * @param certAlias Certificate alias name * @return X509Certificate which matches the certAlias, return null if the certificate could not be found. */ public java.security.cert.X509Certificate getX509Certificate (String certAlias) { return keyProvider.getX509Certificate(certAlias); } /** * Return java.security.PublicKey for the specified keyAlias * @param keyAlias Key alias name * @return PublicKey which matches the keyAlias, return null if the PublicKey could not be found. */ public java.security.PublicKey getPublicKey (String keyAlias) { return keyProvider.getPublicKey(keyAlias); } /** * Return java.security.PrivateKey for the specified certAlias. * @param certAlias Certificate alias name * @return PrivateKey which matches the certAlias, return null if the private key could not be found. */ public java.security.PrivateKey getPrivateKey (String certAlias) { return keyProvider.getPrivateKey(certAlias); } @Override public SecretKey getSecretKey(String certAlias) { return keyProvider.getSecretKey(certAlias); } /** * Return the {@link java.security.PrivateKey} for the specified certAlias and encrypted private key password. * @param certAlias Certificate alias name * @param encryptedKeyPass The encrypted keypass to use when getting the private certificate * @return PrivateKey which matches the certAlias, return null if the private key could not be found. */ public PrivateKey getPrivateKey (String certAlias, String encryptedKeyPass) { return keyProvider.getPrivateKey(certAlias, encryptedKeyPass); } /** * Get the alias name of the first keystore entry whose certificate matches * the given certificate. * @param cert Certificate * @return the (alias) name of the first entry with matching certificate, * or null if no such entry exists in this keystore. If the keystore * has not been loaded properly, return null as well. */ public String getCertificateAlias(Certificate cert) { return keyProvider.getCertificateAlias(cert); } /** * Get the private key password * @return the private key password */ public String getPrivateKeyPass() { return keyProvider.getPrivateKeyPass(); } /** * Get the keystore * @return the keystore */ public KeyStore getKeyStore() { return keyProvider.getKeyStore(); } /** * Return java.security.PrivateKey for the given X509Certificate. * @param cert X509Certificate * @return PrivateKey which matches the cert, return null if the private key could not be found. */ //TODO:????? does not seem keystore support this /*public java.security.PrivateKey getPrivateKey ( java.security.cert.X509Certificate cert) { java.security.PrivateKey key = null; if (SAMLUtilsCommon.debug.messageEnabled()) { SAMLUtilsCommon.debug.message("NOT implemented!"); } return key; }*/ /** * Set the Certificate with name certAlias in the leystore * @param certAlias Certificate's name Alias * @param cert Certificate */ public void setCertificateEntry(String certAlias, Certificate cert) throws SAMLException { try { keyProvider.setCertificateEntry(certAlias, cert); } catch (KeyStoreException e) { throw new SAMLException(e.getMessage()); } } /** * Get the Certificate named certAlias. * @param certAlias Certificate's name Alias * @return the Certificate, If the keystore * doesn't contain such certAlias, return null. */ public Certificate getCertificate(String certAlias) { return keyProvider.getCertificate(certAlias); } /** * Store the keystore changes */ public void store() throws SAMLException { try { keyProvider.store(); } catch (KeyStoreException e) { throw new SAMLException(e.getMessage()); } catch (CertificateException e) { throw new SAMLException(e.getMessage()); } catch (NoSuchAlgorithmException e) { throw new SAMLException(e.getMessage()); } catch (IOException e) { throw new SAMLException(e.getMessage()); } } /** * Return Certificate for the specified PublicKey. * @param publicKey Certificate public key * @return Certificate which matches the PublicKey, return null if the Certificate could not be found. */ public Certificate getCertificate (java.security.PublicKey publicKey) { return keyProvider.getCertificate(publicKey); } @Override public boolean containsKey(String alias) { return keyProvider.containsKey(alias); } }